Last weekend I got roped into helping one of my wife's work friends upgrade to a brand new
PC. After a full afternoon of unpacking equipment, getting it all plugged in, and copying
data from the old to the new computer, it was finally time to get her Internet access
working. I'd forgotten how awful the era of dialup was as we got connected and began the
arduously slow task of downloading the necessary Windows XP Updates. After 20 or 30
minutes of waiting we decided to go out for dinner. But when we came back, the computer
was acting really strangely. The Updates were taking forever to download, and once
downloaded they wouldn't install. Buttons like "Restart" were missing, and the installed
virus scanner kept shutting off. The interface showed lots of traffic even when I wasn't
doing anything. Great. Suspecting the worst, I finally offered to just take the system
home and get it all patched up in the comfort of my own network. I should have known
better than to put an unprotected Windows box on the Internet, even for a minute.

Sure enough, as soon as I turned on the computer and put it in a quarantined area on my home
network, it began spewing out billions of packets to port 445. Sasser. Fantastic. Plus
some other stuff to port 13000 I didn't recognize. I tried cleaning the system up--I got
all the Windows XP updates installed, got the virus scanner all up to date, ran a Sasser
removal tool, ran a few full system virus scans. It found about 5 or 6 viruses, stuff
like W32.Spybot.Worm and W32.Bobax.C. However even after all the cleanup, the computer
was still spewing tons of 445 packets into the aether. I nuked some processes that I
didn't recognize (which did finally stop the packet storm), and removed them from the
registry so they wouldn't start up again. These were all things the virus scanners didn't
know about, I guess. After a little while of this, I realized I was running around a bit
half-cocked, turning things off, making changes--kind of like the infamous Whack-A-Mole
carnival game, where the little rodents keep popping their heads up faster than you can
hit them over the head with your mallet. Although I think I finally got the worst
offenders, who knows what else was lurking on the machine, or what permanent damage had
been done.
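An added example, not from the original post: a small detector for the scan pattern described above (one source hammering port 445 across many destinations), run over constructed log lines in a made-up format. The port list, thresholds and sample hosts are all assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Ports worth watching: TCP 445 is what Sasser sweeps; 13000 is the
# unrecognized port from the post, included so single hits stay visible.
WATCHED_PORTS = {445, 13000}

# Constructed sample log (not a real capture), one line per SYN:
# "<ISO timestamp> <src> -> <dst>:<port> SYN". Host .50 sprays port 445
# across 300 addresses in one minute; host .10 maps one share normally.
SAMPLE_LOG = [
    f"2004-08-20T18:00:{i % 60:02d} 192.168.1.50 -> 10.0.{i // 256}.{i % 256}:445 SYN"
    for i in range(300)
] + [
    "2004-08-20T18:00:07 192.168.1.50 -> 10.0.9.9:13000 SYN",
    "2004-08-20T18:00:08 192.168.1.10 -> 192.168.1.1:80 SYN",
    "2004-08-20T18:00:09 192.168.1.10 -> 192.168.1.1:445 SYN",
]


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, port)."""
    ts, src, _arrow, dst_port, _flag = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)


def find_scanners(lines, window=timedelta(seconds=60), min_targets=50):
    """Return {(src, port): distinct_targets} for every source that hit at
    least min_targets distinct destinations on a watched port within any
    window-long interval. A worm sweeps many hosts on one port; a user
    mapping a single file share touches one."""
    hits = defaultdict(list)  # (src, port) -> [(timestamp, dst), ...]
    for line in lines:
        ts, src, dst, port = parse_line(line)
        if port in WATCHED_PORTS:
            hits[(src, port)].append((ts, dst))
    alerts = {}
    for key, events in hits.items():
        events.sort()  # the sliding window below needs time order
        for i, (start, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - start <= window}
            if len(targets) >= min_targets:
                alerts[key] = len(targets)
                break
    return alerts


if __name__ == "__main__":
    for (src, port), n in find_scanners(SAMPLE_LOG).items():
        print(f"{src} swept {n} hosts on port {port} within a minute")
```

Running it flags only the spraying host; the single port-445 connection from the other machine stays below the threshold, which is the distinction a virus scanner that only knows signatures cannot make.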

At this point, I realized I could just hand back the machine, but my conscience would
stand for nothing less than a full reinstall. So that's what I did--this time with the
benefits of a broadband connection and a NAT firewall. The key, it appears, for those
unlucky enough to not have a private network and firewall, is to enable Windows XP's
built-in Internet Connection Firewall (ICF) before ever plugging in a phone or
ethernet cable. Even this has problems: apparently there's a brief period during
bootup when your interfaces are up but ICF isn't, though this shouldn't be a problem for
dialup users.

Argh. I hate Windows.

The really sad thing here is, how are lay consumers expected to know that their brand new,
$1000-$2000 PC is going to be compromised the second they connect to the Internet?
Shouldn't the computer come with a big, yellow warning label on the front of the box:
WARNING: Microsoft products loaded--seek professional assistance
before connecting to the Internet. A friend of mine at work always jokes that the
little "Intel Inside" sticker on the front of every PC is actually a warning label. Isn't
that the truth.

First of all great site. I love the subnetting practice tool, do you have a
downloadable version? Yesterday I installed XP Service Pack 2 and let me tell
ya I am so far very impressed. Not being the type that likes configuring
firewall programs and the like I have to admit the new security features are
very nice. The built in pop up blocker alone is worth it. Everything
defaults to the "ON" so for the novice there is nothing to mess with. I
went to several port scanning sites and connecting straight to the cable
modem, no router or nat in between, it showed a nice secure system. Of
course everyone knows there will be holes to fill but if Microsoft would
have been proactive instead of reactive to security issues this would have been
included in SP1 or even the original release of XP.
David

On Fri Aug 20th 2004, 12:58pm, Steve Kehlet posted:

> I love the subnetting practice tool, do you have a downloadable version?
Sure, you can download the PHP source at:
http://www.kehlet.cx/docs/2004/03/subnet.phps. Of course, to run it you'd
need a web server with PHP running. Most Linux distros ship with Apache +
PHP installed.

> According to the researchers, an unpatched Windows PC connected to the Internet
> will last for only about 20 minutes before it's compromised by malware, on
> average. That figure is down from around 40 minutes, the group's estimate in
> 2003.
> ...
> The drop from 40 minutes to 20 minutes is worrisome because it means the average
> "survival time" is not long enough for a user to download the very patches that
> would protect a PC from Internet threats.

Yeah.

On Sat Nov 18th 2006, 1:30pm, Visitor posted:

>#1 reason >all xp are admin out of the box that way xp can phone
home and M$ can mine data from your computer
>#2 too many services the average person will probably never use along
with the ports they open
>#3 people are clueless to what is out there> umm yeah I just
opened my spiffy new dell and plugged in the ethernet cable
why is this thing acting up >>>DELL Sucks I hear that all the time
then I must correct them >>no you need to learn.
>#4 this is microsoft's fault 1 making everyone admin and 2
doing nothing to educate people on how to run as non admin
OH WAIT then they can't control you > sorry I forgot